Date:   Sun, 9 Jul 2023 11:26:46 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     stable-commits@...r.kernel.org, jpoimboe@...nel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, Zack Rusin <zackr@...are.com>,
        VMware Graphics Reviewers 
        <linux-graphics-maintainer@...are.com>,
        David Airlie <airlied@...il.com>,
        Daniel Vetter <daniel@...ll.ch>
Subject: Re: Patch "drm/vmwgfx: Add unwind hints around RBP clobber" has been
 added to the 6.4-stable tree

On Sun, Jul 09, 2023 at 01:03:10AM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     drm/vmwgfx: Add unwind hints around RBP clobber
> 
> to the 6.4-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      drm-vmwgfx-add-unwind-hints-around-rbp-clobber.patch
> and it can be found in the queue-6.4 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.
> 
> 
> 
> commit aeb6b7c6b6ef84ab496189cdbc698426092aa46c
> Author: Josh Poimboeuf <jpoimboe@...nel.org>
> Date:   Mon Jun 5 09:12:22 2023 -0700
> 
>     drm/vmwgfx: Add unwind hints around RBP clobber
>     
>     [ Upstream commit a9da8247627eefc73f909bf945031a5431a53993 ]
>     
>     VMware high-bandwidth hypercalls take the RBP register as input.  This
>     breaks basic frame pointer convention, as RBP should never be clobbered.
>     
>     So frame pointer unwinding is broken for the instructions surrounding
>     the hypercalls.  Fortunately this doesn't break live patching with
>     CONFIG_FRAME_POINTER, as it only unwinds from blocking tasks, and stack
>     traces from preempted tasks are already marked unreliable anyway.
>     
>     However, for live patching with ORC, this could actually be a
>     theoretical problem if vmw_port_hb_{in,out}() were still compiled with a
>     frame pointer due to having an aligned stack.  In practice that hasn't
>     seemed to be an issue since the objtool warnings have only been seen
>     with CONFIG_FRAME_POINTER.
>     
>     Add unwind hint annotations to tell the ORC unwinder to mark stack
>     traces as unreliable.
>     
>     Fixes the following warnings:
>     
>       vmlinux.o: warning: objtool: vmw_port_hb_in+0x1df: return with modified stack frame
>       vmlinux.o: warning: objtool: vmw_port_hb_out+0x1dd: return with modified stack frame
>     
>     Fixes: 89da76fde68d ("drm/vmwgfx: Add VMWare host messaging capability")
>     Reported-by: kernel test robot <lkp@...el.com>
>     Link: https://lore.kernel.org/oe-kbuild-all/202305160135.97q0Elax-lkp@intel.com/
>     Link: https://lore.kernel.org/r/4c795f2d87bc0391cf6543bcb224fa540b55ce4b.1685981486.git.jpoimboe@kernel.org
>     Signed-off-by: Josh Poimboeuf <jpoimboe@...nel.org>
>     Signed-off-by: Sasha Levin <sashal@...nel.org>
> 
> diff --git a/arch/x86/include/asm/unwind_hints.h b/arch/x86/include/asm/unwind_hints.h
> index 01cb9692b160a..85cc57cb65392 100644
> --- a/arch/x86/include/asm/unwind_hints.h
> +++ b/arch/x86/include/asm/unwind_hints.h
> @@ -76,9 +76,18 @@
>  
>  #else
>  
> +#define UNWIND_HINT_UNDEFINED \
> +	UNWIND_HINT(UNWIND_HINT_TYPE_UNDEFINED, 0, 0, 0)
> +
>  #define UNWIND_HINT_FUNC \
>  	UNWIND_HINT(UNWIND_HINT_TYPE_FUNC, ORC_REG_SP, 8, 0)
>  
> +#define UNWIND_HINT_SAVE \
> +	UNWIND_HINT(UNWIND_HINT_TYPE_SAVE, 0, 0, 0)
> +
> +#define UNWIND_HINT_RESTORE \
> +	UNWIND_HINT(UNWIND_HINT_TYPE_RESTORE, 0, 0, 0)
> +
>  #endif /* __ASSEMBLY__ */
>  
>  #endif /* _ASM_X86_UNWIND_HINTS_H */
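
Review bot: the three macros added in the `#else` (non-`__ASSEMBLY__`) branch have no comment, and nothing here says that UNWIND_HINT_SAVE and UNWIND_HINT_RESTORE are meant to be used as a pair around a region such as the one marked UNWIND_HINT_UNDEFINED in the vmwgfx hunks. A short comment above them stating the pairing requirement would help the next user. For the stable backport, also confirm that UNWIND_HINT_TYPE_UNDEFINED, UNWIND_HINT_TYPE_SAVE and UNWIND_HINT_TYPE_RESTORE are all defined in the 6.4 tree, since this hunk uses them without adding them.
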
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg_x86.h b/drivers/gpu/drm/vmwgfx/vmwgfx_msg_x86.h
> index 0b74ca2dfb7bd..23899d743a903 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg_x86.h
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg_x86.h
> @@ -105,10 +105,14 @@
>                          flags, magic, bp,		\
>                          eax, ebx, ecx, edx, si, di)	\
>  ({							\
> -        asm volatile ("push %%rbp;"			\
> +        asm volatile (					\
> +		UNWIND_HINT_SAVE			\
> +		"push %%rbp;"				\
> +		UNWIND_HINT_UNDEFINED			\
>                  "mov %12, %%rbp;"			\
>                  VMWARE_HYPERCALL_HB_OUT			\
> -                "pop %%rbp;" :				\
> +                "pop %%rbp;"				\
> +		UNWIND_HINT_RESTORE :			\
>                  "=a"(eax),				\
>                  "=b"(ebx),				\
>                  "=c"(ecx),				\
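
Review bot: no hunk in this diff adds an include of asm/unwind_hints.h to vmwgfx_msg_x86.h, yet the asm template now uses UNWIND_HINT_SAVE, UNWIND_HINT_UNDEFINED and UNWIND_HINT_RESTORE; please confirm the header is already reached in every configuration that builds this file, otherwise the macro names end up as undeclared tokens inside the asm statement. As a style point, the added lines are tab-indented while the surrounding template lines use spaces; matching the existing indentation would keep the backslash column aligned.
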
> @@ -130,10 +134,14 @@
>                         flags, magic, bp,		\
>                         eax, ebx, ecx, edx, si, di)	\
>  ({							\
> -        asm volatile ("push %%rbp;"			\
> +        asm volatile (					\
> +		UNWIND_HINT_SAVE			\
> +		"push %%rbp;"				\
> +		UNWIND_HINT_UNDEFINED			\
>                  "mov %12, %%rbp;"			\
>                  VMWARE_HYPERCALL_HB_IN			\
> -                "pop %%rbp" :				\
> +                "pop %%rbp;"				\
> +		UNWIND_HINT_RESTORE :			\
>                  "=a"(eax),				\
>                  "=b"(ebx),				\
>                  "=c"(ecx),				\
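
Review bot: the commit message does not mention the semicolon added to `"pop %%rbp;"` in this HB_IN variant, which is required now that UNWIND_HINT_RESTORE is concatenated after it and is easy to drop when resolving a backport conflict; a line in the changelog would help. The SAVE / push / UNDEFINED prologue and pop / RESTORE epilogue are also repeated verbatim from the HB_OUT macro, so a shared helper for the two sequences would keep the variants from drifting apart.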

This adds build warnings to the build, so I am going to drop this one
for now, sorry.

greg k-h
